In a computing environment, retained data, which may include sensitive or secretive data, may be copied or moved across the environment. For example, the data may be accessed by a computer system and various copies of the data may be stored in locations within the environment or even vended to an external entity. Furthermore, as the size of a computing environment grows, the amount of data that may be categorized as sensitive may also grow. In addition, as the size of a computing environment grows, the number of entities that access the data and retain or exchange the data between one another also grows. If the location in which the data is stored or to which data is provided is not known, the computing environment becomes more exposed to attacks or data theft.
It is often challenging to determine a flow of data within a computing environment by identifying the source of the data as well as a destination receiving the data. Additionally, it is also challenging to utilize access control information when statically analyzing source code for the purpose of identifying data sources and data sinks.